CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 6 days ago•9 views

CVE-2026-46847

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Runtime Tools. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCent...

9.9CVSS0.00402EPSS

OSSF Malicious Packages•added 6 days ago•6 views

Malicious code in classbreeze-utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e19daf4f946816f5ba3c6e592eacc980861b281c6752b738de57fdd31f49279d The package masquerades as a Tailwind plugin: README and the top of src/index.js are a verbatim clone of @tailwindcss/typography...

5.6AI score

Positive Technologies•added 6 days ago•6 views

PT-2026-50471

Name of the Vulnerable Software and Affected Versions chrome-devtools-mcp affected versions not specified Description On POSIX systems, specifically macOS and Linux sessions where the XDG RUNTIME DIR environment variable is unset, the daemon writes its PID file to a deterministic path in /tmp usi...

6.1CVSS5.4AI score

Exploits0References4

OSV•added 6 days ago•4 views

UBUNTU-CVE-2026-47261

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36...

7.5CVSS5.2AI score0.005EPSS

Photon•added 6 days ago•4 views

Important Photon OS Security Update - PHSA-2026-4.0-1036

Updates of 'wireshark', 'nginx', 'dotnet-runtime' packages of Photon OS have been released...

7.5CVSS5.8AI score0.00193EPSS

Exploits4

NVD•added 2026/06/16 8:16 p.m.•6 views

CVE-2026-0133

In smmuattachdev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00067EPSS

NVD•added 2026/06/16 7:17 p.m.•9 views

CVE-2026-53858

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATEDIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATEDIRECTORY variable to load runtime dependencies from unintended local paths, potentially...

7.1CVSS0.00124EPSS

NVD•added 2026/06/16 7:17 p.m.•10 views

CVE-2026-53842

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDKPYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDKPYTHON variable to execute...

7.1CVSS0.00133EPSS

Cvelist•added 2026/06/16 6:51 p.m.•20 views

CVE-2026-0133

0.00067EPSS

Vulnrichment•added 2026/06/16 6:5 p.m.•6 views

CVE-2026-53858 OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable

7.1CVSS5.3AI score0.00124EPSS

Cvelist•added 2026/06/16 6:5 p.m.•18 views

CVE-2026-53858 OpenClaw < 2026.5.2 - Arbitrary Runtime Dependency Loading via STATE_DIRECTORY Environment Variable

7.1CVSS0.00124EPSS

CVE•added 2026/06/16 6:5 p.m.•9 views

CVE-2026-53858

OpenClaw (pre-2026.5.2) is affected by CVE-2026-53858: an environment variable injection flaw where the workspace .env STATE_DIRECTORY can influence bundled runtime dependency roots. An attacker can manipulate STATE_DIRECTORY to load runtime dependencies from unintended local paths, potentially e...

7.1CVSS5.3AI score0.00124EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/06/16 6:4 p.m.•17 views

CVE-2026-53846 OpenClaw < 2026.4.29 - Arbitrary Package Manager Execution via Workspace .env npm_execpath

OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npmexecpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager...

7.1CVSS0.00115EPSS

Github Security Blog•added 2026/06/16 2:33 p.m.•16 views

Microsoft Security Advisory CVE-2026-45491 – .NET Tampering Vulnerability

Executive Summary Microsoft is releasing this security advisory to provide information about a vulnerability in System.Formats.Tar. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability exists in the...

6.2CVSS5.6AI score0.00272EPSS

Exploits0References5Affected Software3

RedHat Linux•added 2026/06/16 7:39 a.m.•4 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.22.1 security and extras update

Red Hat OpenShift Container Platform release 4.22.1 is now available with updates to packages and images that fix several bugs. This release includes a security update for Red Hat OpenShift Container Platform 4.22. Red Hat Product Security has rated this update as having a security impact of...

8.7CVSS5.5AI score0.0043EPSS

Positive Technologies•added 2026/06/16 12:0 a.m.•9 views

PT-2026-50012

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Web Runtime Security component of JD Edwards EnterpriseOne Tools. An unauthenticated attacker with network access via HTTP can exploit this fla...

9.8CVSS5.9AI score0.00473EPSS

Positive Technologies•added 2026/06/16 12:0 a.m.•12 views

PT-2026-50019

9.3CVSS5.9AI score0.00338EPSS

Positive Technologies•added 2026/06/16 12:0 a.m.•6 views

PT-2026-49792

In smmu attach dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.5AI score0.00067EPSS